package JAVA_SV_EMAIL_HOST;

import java.io.IOException;
import java.util.Properties;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import java.io.IOException;
import java.util.Properties;

public class Vulnerable_01 {
    public class JavaEmailHostSecured {

        public Session getEmailSession(String args[]) throws IOException {
            Properties props = new Properties();
            String username = "username@gmail.com", password = "password";
            props.put("mail.smtp.host", "smtp.gmail.com");
            props.put("mail.smtp.socketFactory.port", "465");
            props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");  // Noncompliant; Session is created without having "mail.smtp.ssl.checkserveridentity" set to true
            props.put("mail.smtp.auth", "true");
            props.put("mail.smtp.port", "465");
            Session session = Session.getDefaultInstance(props, new javax.mail.Authenticator() {
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(username, password);
                }
            });
            return session;
        }
    }
}
